
Apologies to the three people who read this blog regularly. The last month has been very busy.

So far we have configured a Root CA, imported a certificate into what will become our first connection server, and set up a SQL database. Now we are ready to install and do a basic setup of our first connection server.

Installing the Horizon View Connection server.

Connect to the server you will be using as your connection server.

Copy across the installer and double click to run.

Click Yes to accept the UAC warning.

Click Next.

Select “I accept the terms in the license agreement” and click Next.

Here you can change the installation location if you prefer. Click Next.

On the Installation Options window:

Select “Horizon 7 Standard Server” as the install.

Select “Install HTML Access”. This is technically not necessary but I would recommend it.

Select the IP protocol you use. IPv4 would be the most common, I expect.

Click Next.

Enter in a password for Data Recovery and a hint if you prefer. Click Next.

Select whichever is appropriate for your environment, bearing in mind that most companies will have the server’s firewall controlled via GPO, so check with your Windows and Security guys. In this case I want the firewall of this server to be configured automatically. Click Next.

Select whether you’d like the local Administrators Group to have Admin rights to View. This can be changed later but I generally prefer not to from the start. Click Next.

Choose whether you want to join the VMware Customer Experience Program or not. If your company policy allows it I would recommend you do. Click Next.

Click Install.

Once the installer is done, click Finish.

Now we have the Horizon View Connection Server installed, which can be verified by going to http://<your_full_server_address>/admin.

In part 2 we’ll get the basic config done: adding a vCenter server, connecting to the events DB and licensing your install.

While Horizon View does come with self-signed certificates, it is always best, in a production environment, to use your own SSL certificates.

I connect to my lab remotely using either my laptop or another mobile device, and like to know that my connection is secure.

If you don’t want to set up your own cert server, Let’s Encrypt is a public CA and does offer certificates (wildcard certs too) for free. If you do choose to use them please consider donating. They are an open source and free setup and could use your help.

Installing a root CA.

I used a Windows 2016 server for this deployment.

In the Server Manager window click on Add roles and features.

Select Role-based or feature-based installation and click Next.

Select the local server and click Next.

Select Active Directory Certificate Services, and click Next.

Check Include management tools (if applicable). Click Add Features.

Click Next.

Click Next.

Click Next.

Click Next.

Select Certification Authority. Click Next.

Click Install.

Once the install is complete click Close.

Once the install is finished we need to complete the post-install tasks. Navigate to Server Manager and click on the alert icon. Click on the post-deployment task that needs to be completed.

If you need to change the credentials do so here. I just used the creds I was logged in with. Click Next.

Select Certification Authority and click Next.

Select Enterprise CA and click Next. You can select Standalone CA if that’s what you need. The options might be slightly different.

Select Root CA and click Next.

Select Create a new private key and click Next.

Select the following:

Cryptographic provider – RSA#Microsoft Software Key Provider

Key length – 2048

Algorithm – SHA256

Click Next.

Leave the defaults and click Next.

Select the validity period of your certificate. (I chose to leave it at 5 years. In a prod environment you might want that to be less). Click Next.
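The same choices can be scripted and then checked. This is an added example, not part of the original walkthrough: it uses the built-in AD CS cmdlets with the values chosen above (the cmdlet needs the provider's full name, "RSA#Microsoft Software Key Storage Provider") and assumes an elevated session on the server that will host the CA.

```powershell
# Added example (not from the original post): scripted form of the wizard
# choices above. Run from an elevated session on the server that will be the CA.

# Role plus management tools (the "Add roles and features" part).
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# Post-deployment configuration, using the values chosen in the walkthrough.
$caSettings = @{
    CAType              = 'EnterpriseRootCA'   # Enterprise CA + Root CA
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 2048
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 5
}
Install-AdcsCertificationAuthority @caSettings -Force

# Check what was actually issued: find the newest CA certificate in the
# machine store and confirm key size, signature hash and lifetime.
$caCert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] -and
            $_.CertificateAuthority
        }
    } |
    Sort-Object -Property NotBefore -Descending |
    Select-Object -First 1

if (-not $caCert) { throw 'No CA certificate found in Cert:\LocalMachine\My' }

$report = [pscustomobject]@{
    Subject      = $caCert.Subject
    KeySizeBits  = $caCert.PublicKey.Key.KeySize
    SignatureAlg = $caCert.SignatureAlgorithm.FriendlyName
    NotAfter     = $caCert.NotAfter
    SelfSigned   = ($caCert.Subject -eq $caCert.Issuer)
}
$report | Format-List

# Flag a mismatch with the intended settings instead of assuming success.
if ($report.KeySizeBits -lt 2048 -or $report.SignatureAlg -notmatch 'sha256') {
    Write-Warning 'CA certificate does not match the intended 2048-bit / SHA256 settings.'
}
```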

Before you read on, please note that all the hard work has been done by William Lam and if you live under a rock and haven’t come across his website before please go and check it out over at https://www.virtuallyghetto.com.

Honestly, once you’ve rebuilt your lab more than twice the novelty wears off fast. That’s what makes these appliances incredibly convenient. It takes literally 2-3 minutes to have a fully functioning deployed Nested ESXi host, with all the little bits and pieces of config and VIBs you would normally have to go in and set up yourself. Only one small problem: while it deploys into ESXi just fine and dandy, it doesn’t deploy onto Fusion/Workstation because it has virtual hardware that just isn’t compatible with Fusion/Workstation. 🙁

Once the Nested ESXi host has booted for the first time and run the config scripts, you’ll need to power it down and set VT-x/EPT support for the virtual machine. (I’ll add it in to the OVF instructions soon.)

On Saturday the 5th of March, I had the pleasure of sitting the beta of the VCAP6-DCV design exam.

Since more exam centers are now able to host the exam I chose a center near me, which was really convenient as they are also open on a Saturday. After passing all the usual security checks and getting shown to my seat and logging in, the familiar NDA popped into view and I was away.

The beta exam was 4 hours and I finished with time to spare. Was the exam difficult? Sure, but there were no questions that were outside the blueprint.

Most of the experience was a massive improvement over the VCAP5 exam. No lag, fast, and easy to navigate. However, every silver lining has a cloud. In the middle of one tricky design question, everything locked up and up popped an error with the Pearson exam engine. I signaled to the exam monitor that I had a problem. She spent the next few minutes on the phone with an incredibly unhelpful Pearson. They claimed that everything but themselves was to blame. Suddenly, as soon as it began, the problem mysteriously resolved itself. Weird *cough* Pearson messed up *cough*. One or two of the questions were also incomplete and didn’t provide all the info I needed, but I did add notes and suggestions where appropriate so hopefully that will help.

If I’ve managed to do enough to pass I’ll get myself lifted to the VCIX-DCV cert, which would be a bonus.

Exam Tips:

The exam itself is filled with all the new vSphere 6 goodness, so if you’ve just passed the VCAP5-DCD and are expecting to walk this exam you’ll most likely waste your money.

As is obvious from the many blogs about, the VMware design exams are difficult but not impossible.

Having design experience is ideal but not essential. You can work this to your advantage which I’ll explain in a bit.

If you think the question or scenario is incomplete, there is the option to add a note to any question.

Get a lab together, if you can. There are cloud services out there you can use to run a virtualised lab.

Don’t allow yourself to get rattled. If you are struggling, flag the question for review and come back to it later.

Put a study plan together based on the official blueprint. There is a large body of information to absorb so make sure you budget your time appropriately.

Know your Requirements, Risks, Assumptions, and constraints.

Some scenarios have a large amount of information, some relevant to the design, some not, but all must be considered. Take notes while reading the question or scenario and focus on what they’ve asked you. It’s a valuable time saver.

If you have time at the end of the exam, use it to review your questions but try not to second guess yourself.

And finally, as I mentioned before, if you don’t have real world design experience make it work to your advantage. Wait, what, how’s that? As anybody who’s run through a few designs knows, there’s usually more than one way to skin a cat. Well, VMware likes you to do your designs in a specific way and they have certain methodologies and ways of looking at the world. For example, the whole upstream, downstream thing drives me crazy, and different companies either consider the user upstream or downstream. If you learn how to do designs the way VMware wants you to, without outside influence, it’ll be easier to visualise what they are after.

I’ve often heard techies who’ve sat this exam complain that technical designs are subjective, but it shouldn’t really be the case here. It’s a VMware exam and should be done the VMware way. Follow the blueprint, read the study guides and provided you also put in the study time, you’ll do just fine.

Veeam have done an amazing job with their backup product and it wasn’t too long ago that if you wanted to back up your VMs then Veeam was the only realistic choice. The other backup vendors are catching up and more choice is starting to appear in the market, but Veeam still have the edge and because of this are the clear leaders, in my opinion, for VM backups.

What Veeam have always done, as far as I can remember, is offer free versions of their products. There are limitations, of course, but you can still monitor and back up the products. Where I used to work we used the free version of Veeam One for quite a while before we made the jump to the paid version.

With the free version of the backup product you can only back up one VM at a time in the GUI, which could be cumbersome. In addition it doesn’t work on the free version of ESXi. I’m guessing that VMware called in a favour there. However, you can do some scripting around this, as sometime last year Veeam decided to allow some PowerShell cmdlets to be called in the free version. This is great because you can now script around the limitation of “one VM at a time” and I use this script myself to back up my home lab. For a small shop, home lab, or small engineering environment it’s perfect. I tend to do some fairly destructive things to my lab and this saves time rebuilding.

However, I would still recommend going with one of the paid-for versions if you are looking at backing up VMs in a production environment. There is much goodness and value in the paid versions.

Installing Veeam Backup Free edition V9.

Before you continue you’ll need to go to Veeam’s website and create an account to download the Backup software ISO. The ISO is large at 1.2TB. I’m using a Windows 2012 R2 server for this install guide and it allows me to mount an ISO as a virtual DVD. If you are using an older version of Windows you’ll need to extract the ISO.

Right click the ISO and select mount.

Browse to the mounted ISO and double click Setup.

If you get a User Account Control warning click yes.

Click on the Backup and Replication panel.

If, like me, you skimp on resources in your lab you’ll get this message. Click Yes.

One of the cool features of the Veeam installer is that it actually offers to install the missing requirements. Click OK.

Once the .NET requirement is met the installer starts. Click Next.

Select “I accept the terms in the license agreement” and click Next.

If you have a license key you can click Browse and select it but as we are using the free version you only need to click Next.

The default on this window is to have all three features selected for installation, however you can decide not to install the console for example. I have left the three features enabled. Select Next.

Again, trying to make things as easy as possible by offering to install the missing requirements. If you, like me didn’t have them installed, select Install.

Once the requirements have been met, click Next.

The default configuration should work for most free installs, and for most licensed installs too, but it’s good to have the option there if you need it. Click Install.

Once the update is done click Finish.

On your desktop you’ll now have the Veeam Backup & Replication Console icon. A quick double click will open up the login screen for Veeam Backup.

So really easy and simple. Most people don’t really think about the installer for an app but I’m always impressed that it’s so simple with Veeam. How many times have you had to go and download an obscure patch or track down a particular version of .NET? Many vendors could learn a thing or two here. Yes NetApp, I’m looking at you.

I was introduced to mind maps at school as a way to take notes during class but never really worked with them. Earlier in the year, while studying for my DCD I happened to see somebody at the library referring to a mind map while they were working.

That got me thinking; mind maps are quite personal, as in you put it together. In effect, it’s your mind map; it’s put together in a way that you can reference information clearly as it relates to how you have stored it in your mind.

I was going through Jason Grierson’s excellent DCD 5.5 Study pack at the time and decided to create a series of mind maps from the info. This allowed me to very quickly go and look for the detail I needed. If you are studying towards your DCD, the DCD 5.5 Study pack is a really good collection of information that you should download and go through.

Let’s take a look at the map I created for the three different types of designs that VMware references. This is quite a small map but allowed me to quickly get the differences between Conceptual, Physical, and Logical designs.

The next map, looking at the four design factors, has a bit more detail, giving examples and definitions of risks, assumptions, constraints, and requirements.

And as a better example this map dives into the design requirements of manageability, recoverability, availability, security, and performance. Still not a big mind map by any means (the ones I’ve been working on for my VCDX are getting a bit on the big side).

Many of the maps I create will only ever be seen by me. I use them as references when working on designs. Actually I’ve been using them for any projects I now have, both professional and personal. I’m looking at doing some work on my kitchen and this tool has helped keep all my ideas together in a way that I can easily reference them.

The reason I chose to show these maps is to give you another tool when putting together designs and working out what the client/your boss is trying to get you to do.

The software I use to create my maps is Simplemind. It’s available for PC, Mac, Android, and iOS. There is a less-featured free version for iOS and Android. The map can be shared through all platforms via Dropbox.

I have a confession to make. I am a Virtual SAN junkie. From the performance, to the expandability, to the simplicity, it’s an amazing product. The whole concept makes me wonder why the big storage players didn’t come up with the idea first.

Looking forward, the future for VSAN is very bright. This is a massive development and I think it will have wider reach than NSX. It’s so easy to get up and running that a business of any size could spin it up with little effort. Just don’t forget to validate against the HCL.

Now, if you are happy with that and don’t really intend to do much with it then click away now, but if you want to understand more about the technology you are running then Duncan Epping and Cormac Hogan’s book Essential Virtual SAN is one of the best resources you can sink your money into.

Before we carry on, one thing to note is that this book is written around VSAN 1.0. While VSAN 6.1 is out it’s not 6 versions further on but more like 1 full release and 1 point release further on. VMware changed the version numbers to reflect the vSphere versions. So that said, this book isn’t obsolete. Far from it. The new versions really only build on what is already an amazing platform. It is still completely relevant, just missing some new goodies, like stretched clustering and info about the updated file system. For all the updated info have a crawl through Cormac’s blog and the VMware Technical Papers.

I’ve read a couple of Duncan’s other books, the vSphere 5.1 Clustering Deep dive written with Frank Denneman for example, and found them to be very easy to read. Often a book aimed at techies can be very dry, which makes them a struggle. Cormac is Mr VMware Storage and his blog, read by many people, is always informative and good to read.

Essential Virtual SAN on the other hand reads well. The sections are well thought out and the book takes you from introducing VSAN all the way through to using the vSphere ruby console to look in real detail at what the individual disks are doing.

The authors do state that this is not a starter’s guide. While they are right, I found this book to be more than enough for both beginners and the more experienced to really find useful.

Duncan and Cormac’s enthusiasm for VSAN really comes through in this book. Obvious, I know, when you look at their blogs, but it does feel like this is more than a 9-5 for them.

At the office we have recently deployed VSAN. This went through the usual steps of putting it in engineering, running a successful POC and finally getting senior management buy in to roll it out. This book was a huge help in helping me boost my knowledge and fielding any concerns raised by the business.

I did attend the VSAN deploy and manage course, this book is better.

The future for VSAN is bright and, to me, it’s clear that this should be on your roadmap, if it isn’t already.

As a follow up to my previous post, I’ll go through deploying and configuring the Graylog OVA. It’s really, really easy. In fact the whole process should only take about 20 minutes before you have a set-up ready to receive logs.

1 – OVA Deployment.

Log in to the vSphere web client using an account that has permission to configure the environment.

Select Home and Hosts and Clusters.

Right click the cluster you want to deploy Graylog into and select Deploy OVF template.

Select Browse and select the Graylog OVA.

Select Next.

Give your Graylog OVA a name and select a folder for it to go into. Select Next.

Select a Virtual Disk Format. Choose a Storage Policy and a datastore to deploy the OVA into and click Next. NOTE: If this is going into production and you anticipate a large amount of logs to come in then you should set your disk format to be Eager Zero Thick.

Choose a network.

Review your settings and click Finish.

vSphere will go off and deploy your OVA. The above process will take about 5 minutes.

2 – OS network configuration.

The Graylog OVA is based around Ubuntu and is configured with DHCP straight out of the box. If that doesn’t bother you skip this step.

Open a console to the Graylog VM. Log in using the username ubuntu and the password ubuntu.

Delete iface eth inet dhcp and replace with the following (but customising to your network requirements). Exit when done (:wq!).

Next we’ll tidy up the hosts file (sudo vi /etc/hosts).

I’ve chosen to keep my hostname as Graylog so all I needed to do was change 127.0.1.1 to 127.0.0.1.

You’ll need to edit resolv.conf.

Set the nameserver entries to match the DNS servers in your environment. One for each DNS server you want to use. In addition set domain and search to match your domain.

Once you’ve done all of that run sudo graylog-ctl reconfigure. This will catch any change you have made that Graylog might rely on.

It’s important to note here that the graylog-ctl script is quite versatile and allows you to make changes to Graylog, such as changing your timezone and admin password, which should be done if you want to push this into a production environment. Note: If you do make any changes make sure you run sudo graylog-ctl reconfigure.

OK so to be fair the above took me about 10 minutes to do, however if you are not familiar with Linux it’ll take longer but the Ubuntu community is very active and can help.

3 – Input Configuration.

So now we have our Graylog server ready to go, well almost. The number of inputs that Graylog can receive is quite vast. In addition to the preconfigured inputs you can make your own. We’ll look at configuring the most common: the syslog input for both UDP and TCP.

Browse to your Graylog server and, if it’s running, you’ll be greeted with the login prompt.

In the menu bar across the top select System and Inputs.

From the drop down menu under Inputs in Cluster select Syslog TCP and click Launch new input. In the settings box all you need to do is give your new input a name (e.g. Syslog_TCP).

Set up the same for Syslog UDP.

That’s really as difficult as it gets. Now that you have the basic features set up and configured, all you need to do is point the infrastructure you want to log at it.
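Before pointing real infrastructure at the new inputs, it helps to confirm that each one is receiving. The script below is an added example, not from the original post: it sends one tagged test line per transport from a Windows machine, and the host name and port are placeholders to replace with the values shown on your inputs.

```powershell
# Added example (not from the original post). Sends one RFC 3164-style test
# line to each syslog input so you can confirm both are receiving.
$GraylogHost = 'graylog.example.test'   # placeholder: your Graylog server
$SyslogPort  = 514                      # placeholder: port shown on the input

function New-SyslogLine {
    param(
        [Parameter(Mandatory)][string]$Message,
        [ValidateRange(0, 23)][int]$Facility = 1,   # 1 = user-level
        [ValidateRange(0, 7)][int]$Severity = 6,    # 6 = informational
        [string]$Tag = 'input-test'
    )
    $now = Get-Date
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day space-padded.
    $stamp = '{0} {1,2} {2}' -f $now.ToString('MMM', $inv), $now.Day, $now.ToString('HH:mm:ss', $inv)
    $pri = $Facility * 8 + $Severity
    '<{0}>{1} {2} {3}: {4}' -f $pri, $stamp, $env:COMPUTERNAME, $Tag, $Message
}

function Send-SyslogUdp {
    param([string]$Server, [int]$Port, [string]$Line)
    $client = New-Object System.Net.Sockets.UdpClient
    try {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($Line)
        # UDP gives no delivery confirmation; only a search in Graylog proves receipt.
        [void]$client.Send($bytes, $bytes.Length, $Server, $Port)
    } finally { $client.Close() }
}

function Send-SyslogTcp {
    param([string]$Server, [int]$Port, [string]$Line)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)   # throws if nothing is listening
        # Messages on a TCP syslog stream are separated by a newline.
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($Line + "`n")
        $stream = $client.GetStream()
        $stream.Write($bytes, 0, $bytes.Length)
        $stream.Flush()
    } finally { $client.Close() }
}

# A random marker makes the two test messages easy to find in the search page.
$marker = [guid]::NewGuid().ToString('N').Substring(0, 8)
Send-SyslogUdp -Server $GraylogHost -Port $SyslogPort -Line (New-SyslogLine -Message "udp test $marker")
Send-SyslogTcp -Server $GraylogHost -Port $SyslogPort -Line (New-SyslogLine -Message "tcp test $marker")
"Sent both test messages. Search Graylog for: $marker"
```

If only the TCP message shows up, check the path for UDP filtering, since a dropped UDP datagram raises no error on the sender.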

So the previous two posts only really scratch the surface of what is a really powerful tool. Being an open source project, the code is readily available for anybody to look at. APIs are exposed and documented, dashboards and alerts can be configured, and custom inputs can be set up, to name a few.